]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/libsystemd-network/dhcp6-option.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
sd-network: fix memleak in dhcp6_option_parse_domainname (#5114)
[thirdparty/systemd.git] / src / libsystemd-network / dhcp6-option.c
1 /***
2 This file is part of systemd.
3
4 Copyright (C) 2014-2015 Intel Corporation. All rights reserved.
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <errno.h>
21 #include <netinet/in.h>
22 #include <string.h>
23
24 #include "sd-dhcp6-client.h"
25
26 #include "alloc-util.h"
27 #include "dhcp6-internal.h"
28 #include "dhcp6-protocol.h"
29 #include "dns-domain.h"
30 #include "sparse-endian.h"
31 #include "strv.h"
32 #include "unaligned.h"
33 #include "util.h"
34
35 #define DHCP6_OPTION_IA_NA_LEN 12
36 #define DHCP6_OPTION_IA_TA_LEN 4
37
38 typedef struct DHCP6Option {
39 be16_t code;
40 be16_t len;
41 uint8_t data[];
42 } _packed_ DHCP6Option;
43
44 static int option_append_hdr(uint8_t **buf, size_t *buflen, uint16_t optcode,
45 size_t optlen) {
46 DHCP6Option *option = (DHCP6Option*) *buf;
47
48 assert_return(buf, -EINVAL);
49 assert_return(*buf, -EINVAL);
50 assert_return(buflen, -EINVAL);
51
52 if (optlen > 0xffff || *buflen < optlen + sizeof(DHCP6Option))
53 return -ENOBUFS;
54
55 option->code = htobe16(optcode);
56 option->len = htobe16(optlen);
57
58 *buf += sizeof(DHCP6Option);
59 *buflen -= sizeof(DHCP6Option);
60
61 return 0;
62 }
63
64 int dhcp6_option_append(uint8_t **buf, size_t *buflen, uint16_t code,
65 size_t optlen, const void *optval) {
66 int r;
67
68 assert_return(optval || optlen == 0, -EINVAL);
69
70 r = option_append_hdr(buf, buflen, code, optlen);
71 if (r < 0)
72 return r;
73
74 memcpy_safe(*buf, optval, optlen);
75
76 *buf += optlen;
77 *buflen -= optlen;
78
79 return 0;
80 }
81
82 int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, DHCP6IA *ia) {
83 uint16_t len;
84 uint8_t *ia_hdr;
85 size_t ia_buflen, ia_addrlen = 0;
86 DHCP6Address *addr;
87 int r;
88
89 assert_return(buf && *buf && buflen && ia, -EINVAL);
90
91 switch (ia->type) {
92 case SD_DHCP6_OPTION_IA_NA:
93 len = DHCP6_OPTION_IA_NA_LEN;
94 break;
95
96 case SD_DHCP6_OPTION_IA_TA:
97 len = DHCP6_OPTION_IA_TA_LEN;
98 break;
99
100 default:
101 return -EINVAL;
102 }
103
104 if (*buflen < len)
105 return -ENOBUFS;
106
107 ia_hdr = *buf;
108 ia_buflen = *buflen;
109
110 *buf += sizeof(DHCP6Option);
111 *buflen -= sizeof(DHCP6Option);
112
113 memcpy(*buf, &ia->id, len);
114
115 *buf += len;
116 *buflen -= len;
117
118 LIST_FOREACH(addresses, addr, ia->addresses) {
119 r = option_append_hdr(buf, buflen, SD_DHCP6_OPTION_IAADDR,
120 sizeof(addr->iaaddr));
121 if (r < 0)
122 return r;
123
124 memcpy(*buf, &addr->iaaddr, sizeof(addr->iaaddr));
125
126 *buf += sizeof(addr->iaaddr);
127 *buflen -= sizeof(addr->iaaddr);
128
129 ia_addrlen += sizeof(DHCP6Option) + sizeof(addr->iaaddr);
130 }
131
132 r = option_append_hdr(&ia_hdr, &ia_buflen, ia->type, len + ia_addrlen);
133 if (r < 0)
134 return r;
135
136 return 0;
137 }
138
139
140 static int option_parse_hdr(uint8_t **buf, size_t *buflen, uint16_t *optcode, size_t *optlen) {
141 DHCP6Option *option = (DHCP6Option*) *buf;
142 uint16_t len;
143
144 assert_return(buf, -EINVAL);
145 assert_return(optcode, -EINVAL);
146 assert_return(optlen, -EINVAL);
147
148 if (*buflen < sizeof(DHCP6Option))
149 return -ENOMSG;
150
151 len = be16toh(option->len);
152
153 if (len > *buflen)
154 return -ENOMSG;
155
156 *optcode = be16toh(option->code);
157 *optlen = len;
158
159 *buf += 4;
160 *buflen -= 4;
161
162 return 0;
163 }
164
165 int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode,
166 size_t *optlen, uint8_t **optvalue) {
167 int r;
168
169 assert_return(buf && buflen && optcode && optlen && optvalue, -EINVAL);
170
171 r = option_parse_hdr(buf, buflen, optcode, optlen);
172 if (r < 0)
173 return r;
174
175 if (*optlen > *buflen)
176 return -ENOBUFS;
177
178 *optvalue = *buf;
179 *buflen -= *optlen;
180 *buf += *optlen;
181
182 return 0;
183 }
184
185 int dhcp6_option_parse_ia(uint8_t **buf, size_t *buflen, uint16_t iatype,
186 DHCP6IA *ia) {
187 int r;
188 uint16_t opt, status;
189 size_t optlen;
190 size_t iaaddr_offset;
191 DHCP6Address *addr;
192 uint32_t lt_t1, lt_t2, lt_valid, lt_pref, lt_min = ~0;
193
194 assert_return(ia, -EINVAL);
195 assert_return(!ia->addresses, -EINVAL);
196
197 switch (iatype) {
198 case SD_DHCP6_OPTION_IA_NA:
199
200 if (*buflen < DHCP6_OPTION_IA_NA_LEN + sizeof(DHCP6Option) +
201 sizeof(addr->iaaddr)) {
202 r = -ENOBUFS;
203 goto error;
204 }
205
206 iaaddr_offset = DHCP6_OPTION_IA_NA_LEN;
207 memcpy(&ia->id, *buf, iaaddr_offset);
208
209 lt_t1 = be32toh(ia->lifetime_t1);
210 lt_t2 = be32toh(ia->lifetime_t2);
211
212 if (lt_t1 && lt_t2 && lt_t1 > lt_t2) {
213 log_dhcp6_client(client, "IA T1 %ds > T2 %ds",
214 lt_t1, lt_t2);
215 r = -EINVAL;
216 goto error;
217 }
218
219 break;
220
221 case SD_DHCP6_OPTION_IA_TA:
222 if (*buflen < DHCP6_OPTION_IA_TA_LEN + sizeof(DHCP6Option) +
223 sizeof(addr->iaaddr)) {
224 r = -ENOBUFS;
225 goto error;
226 }
227
228 iaaddr_offset = DHCP6_OPTION_IA_TA_LEN;
229 memcpy(&ia->id, *buf, iaaddr_offset);
230
231 ia->lifetime_t1 = 0;
232 ia->lifetime_t2 = 0;
233
234 break;
235
236 default:
237 r = -ENOMSG;
238 goto error;
239 }
240
241 ia->type = iatype;
242
243 *buflen -= iaaddr_offset;
244 *buf += iaaddr_offset;
245
246 while ((r = option_parse_hdr(buf, buflen, &opt, &optlen)) >= 0) {
247
248 switch (opt) {
249 case SD_DHCP6_OPTION_IAADDR:
250
251 addr = new0(DHCP6Address, 1);
252 if (!addr) {
253 r = -ENOMEM;
254 goto error;
255 }
256
257 LIST_INIT(addresses, addr);
258
259 memcpy(&addr->iaaddr, *buf, sizeof(addr->iaaddr));
260
261 lt_valid = be32toh(addr->iaaddr.lifetime_valid);
262 lt_pref = be32toh(addr->iaaddr.lifetime_valid);
263
264 if (!lt_valid || lt_pref > lt_valid) {
265 log_dhcp6_client(client, "IA preferred %ds > valid %ds",
266 lt_pref, lt_valid);
267 free(addr);
268 } else {
269 LIST_PREPEND(addresses, ia->addresses, addr);
270 if (lt_valid < lt_min)
271 lt_min = lt_valid;
272 }
273
274 break;
275
276 case SD_DHCP6_OPTION_STATUS_CODE:
277 if (optlen < sizeof(status))
278 break;
279
280 status = (*buf)[0] << 8 | (*buf)[1];
281 if (status) {
282 log_dhcp6_client(client, "IA status %d",
283 status);
284 r = -EINVAL;
285 goto error;
286 }
287
288 break;
289
290 default:
291 log_dhcp6_client(client, "Unknown IA option %d", opt);
292 break;
293 }
294
295 *buflen -= optlen;
296 *buf += optlen;
297 }
298
299 if (r == -ENOMSG)
300 r = 0;
301
302 if (!ia->lifetime_t1 && !ia->lifetime_t2) {
303 lt_t1 = lt_min / 2;
304 lt_t2 = lt_min / 10 * 8;
305 ia->lifetime_t1 = htobe32(lt_t1);
306 ia->lifetime_t2 = htobe32(lt_t2);
307
308 log_dhcp6_client(client, "Computed IA T1 %ds and T2 %ds as both were zero",
309 lt_t1, lt_t2);
310 }
311
312 if (*buflen)
313 r = -ENOMSG;
314
315 error:
316 *buf += *buflen;
317 *buflen = 0;
318
319 return r;
320 }
321
322 int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen,
323 struct in6_addr **addrs, size_t count,
324 size_t *allocated) {
325
326 if (optlen == 0 || optlen % sizeof(struct in6_addr) != 0)
327 return -EINVAL;
328
329 if (!GREEDY_REALLOC(*addrs, *allocated,
330 count * sizeof(struct in6_addr) + optlen))
331 return -ENOMEM;
332
333 memcpy(*addrs + count, optval, optlen);
334
335 count += optlen / sizeof(struct in6_addr);
336
337 return count;
338 }
339
340 int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char ***str_arr) {
341 size_t pos = 0, idx = 0;
342 _cleanup_strv_free_ char **names = NULL;
343 int r;
344
345 assert_return(optlen > 1, -ENODATA);
346 assert_return(optval[optlen - 1] == '\0', -EINVAL);
347
348 while (pos < optlen) {
349 _cleanup_free_ char *ret = NULL;
350 size_t n = 0, allocated = 0;
351 bool first = true;
352
353 for (;;) {
354 uint8_t c;
355
356 c = optval[pos++];
357
358 if (c == 0)
359 /* End of name */
360 break;
361 else if (c <= 63) {
362 const char *label;
363
364 /* Literal label */
365 label = (const char *)&optval[pos];
366 pos += c;
367 if (pos > optlen)
368 return -EMSGSIZE;
369
370 if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) {
371 r = -ENOMEM;
372 goto fail;
373 }
374
375 if (first)
376 first = false;
377 else
378 ret[n++] = '.';
379
380 r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX);
381 if (r < 0)
382 goto fail;
383
384 n += r;
385 continue;
386 } else {
387 r = -EBADMSG;
388 goto fail;
389 }
390 }
391
392 if (!GREEDY_REALLOC(ret, allocated, n + 1)) {
393 r = -ENOMEM;
394 goto fail;
395 }
396
397 ret[n] = 0;
398
399 r = strv_extend(&names, ret);
400 if (r < 0)
401 goto fail;
402
403 idx++;
404 }
405
406 *str_arr = names;
407 names = NULL;
408
409 return idx;
410
411 fail:
412 return r;
413 }
Unnamed repository; edit this file 'description' to name the repository.